User login issues with cookies

Hey guys,
I’m having login issues with persistent cookies. This happens when one node of the cluster restarts, and some users will not be able to log in. I think it’s due to the restart: the cookie in the client browser is no longer valid. Can this be fixed using cookie JSESSIONID prefix nocache? Or expiry? I appreciate your help.

global
    log stdout format raw local0 info
    pidfile /run/haproxy.pid
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3
    tune.ssl.default-dh-param 2048

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 60000
    timeout client  50000
    timeout server  50000

listen stats
    bind *:1936
    stats enable
    stats uri /
    stats hide-version
    stats auth admin:admin

frontend http-frontend
    bind *:80
    bind *:443 ssl crt /server.pem
    redirect scheme https if !{ ssl_fc }
    mode http
    default_backend http-backend

resolvers localdns
    parse-resolv-conf
    hold valid 5s

backend http-backend
    mode http
    balance roundrobin
    default-server inter 2s fastinter 2s downinter 2s fall 3 rise 2

    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    cookie JSESSIONID prefix
    default-server resolvers localdns
    option httpchk HEAD /ha/health HTTP/1.0
    server-template node1 1 ${BACKEND_NODE1} check cookie node1
    server-template node2 1 ${BACKEND_NODE2} check cookie node2

Use option redispatch

Thanks for the reply @lukastribus. The problem is that haproxy removed the unhealthy node when it’s restarting, so no request will be redirected to the restarting node. Even after the restart (health check passes) the node can accept connections, but it rejects the user login. I’m using static cookies, every time it creates a new cookie for the session. Do I need to add

cookie JSESSIONID prefix nocache

or remove the following

default-server inter 2s fastinter 2s downinter 2s fall 3 rise 2

Will it make any difference?

Yes, users will have to relogin when routed to a different backend server, or when your backend server loses the session information.

There is nothing that haproxy can do about it.
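
The behaviour described in the last reply, as an added Python model that is not part of any post in this thread: prefix-mode persistence (server cookie value, then "~", then the application's session ID) in front of nodes that keep sessions in process memory. The Backend and PrefixProxy classes and the in-memory session store are assumptions constructed for illustration.

```python
# Constructed model: prefix-mode cookie persistence over in-memory sessions.
import secrets

class Backend:
    """App node whose sessions live in process memory (lost on restart)."""
    def __init__(self, name):
        self.name, self.sessions = name, {}

    def login(self, user):
        sid = secrets.token_hex(8)
        self.sessions[sid] = user
        return sid                      # app sends Set-Cookie: JSESSIONID=<sid>

    def whoami(self, sid):
        return self.sessions.get(sid)   # None means the app asks for a login

    def restart(self):
        self.sessions.clear()

class PrefixProxy:
    """Prefix mode: cookie value becomes <server cookie>~<app value>."""
    def __init__(self, backends):
        self.backends = {b.name: b for b in backends}
        self.order, self.rr = sorted(self.backends), 0

    def _pick(self, cookie):
        # Stick to the server named in the prefix, otherwise round-robin.
        name, sep, sid = (cookie or "").partition("~")
        if sep and name in self.backends:
            return self.backends[name], sid
        self.rr += 1
        return self.backends[self.order[(self.rr - 1) % len(self.order)]], cookie

    def login(self, user):
        backend, _ = self._pick(None)
        return f"{backend.name}~{backend.login(user)}"  # value the browser stores

    def request(self, cookie):
        backend, sid = self._pick(cookie)  # prefix is stripped before forwarding
        return backend.name, backend.whoami(sid)

def demo():
    proxy = PrefixProxy([Backend("node1"), Backend("node2")])
    cookie = proxy.login("alice")              # first pick is node1
    before = proxy.request(cookie)
    proxy.backends["node1"].restart()          # node is healthy again, store empty
    after = proxy.request(cookie)              # same cookie, still sent to node1
    return before, after
```

Routing is correct both before and after the restart; only the node's own session lookup fails, which is why no change to the cookie directive on the proxy alters the outcome.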